bbdb318019de9c7dac8145b2b10faee54d3fff24623f867e1a2b4ed51c8c1b32

Sharing

Copy URL

Twitter E-mail

General

Target

bbdb318019de9c7dac8145b2b10faee54d3fff24623f867e1a2b4ed51c8c1b32
Size

765KB
MD5

08aea81e56fa4b3d0757f9d21248b526
SHA1

1cbb5c2f8a65f6d5f756d6c4001d5a4cc6d6f87a
SHA256

bbdb318019de9c7dac8145b2b10faee54d3fff24623f867e1a2b4ed51c8c1b32
SHA512

e23e1305c9d594a224356cfefb04740d90b400b9423719407b9c8fb7237a47255cd53f763521bb1aeea7ebc877edbda32edc0c73304444a1cedcb777961d9fbc
SSDEEP

6144:KuFYv7Xuf6U0LR7Pf4ZjohLlmZnOiKKU05wieqFp/PTHwrDu0IViLpsKlpDe9lv:KMYvzrr9PCo1+nO5V02zf1sKz2Zz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
bbdb318019de9c7dac8145b2b10faee54d3fff24623f867e1a2b4ed51c8c1b32

Files

bbdb318019de9c7dac8145b2b10faee54d3fff24623f867e1a2b4ed51c8c1b32
.exe windows:6 windows x64 arch:x64

ea7f8a4551b523cf2d01cf04874c4ed6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SizeofResource
WriteProcessMemory
ResumeThread
CreateToolhelp32Snapshot
Sleep
Process32NextW
LockResource
Process32FirstW
CloseHandle
LoadResource
FindResourceW
QueueUserAPC
VirtualAllocEx
CreateProcessA
WriteConsoleW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
CreateFileW
RtlUnwind

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea7f8a4551b523cf2d01cf04874c4ed6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 514KB - Virtual size: 513KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 514KB - Virtual size: 513KB

.reloc
Size: 3KB - Virtual size: 3KB